similar to: Group memberships on Linux AD Member (syncing randomly)

Hi Alexander, I'm terribly sorry. We didnt have the "ntlm auth" parameter configured on the DCs at all. I added it and it just works. Thanks for your help. Now I just need to figure out how I can make WLAN-specific LDAP-Group authentication. e. g. production WLAN needs LDAP group "wlan_production" and management WLAN needs the "wlan_management" group. I

Hi Matthias, we?re using Debian Bullseye with the backports repo. So version is a mixture of - Samba version 4.17.3-Debian - Samba version 4.17.7-Debian We?ve installed it directly on the DC?s as well. In my opinion using "ntlm auth = yes? should be fine. Did you try using a simple RADIUS secret? In my experience long secrets or ones containing special characters don?t work very well. I

I can share my notes, we authenticate UniFi clients via Freeradius against Samba AD. We also check group membership which you might or might not need: ## 4 FreeRADIUS ### 4.1 Basics ```bash apt install freeradius freeradius-ldap freeradius-utils # create new DH-params openssl dhparam -out /etc/freeradius/3.0/certs/dh 2048 ``` ### 4.2 Configure Authentication - modify mschap to use winbind,

Hello Alexander, thanks Alexander for these configuration snippets. Which version of Samba are you using? Is this on debian bullseye? Is the FreeRADIUS server installed on a DC or on a Domain Member? (I just tested the latter). is "ntlm auth = yes" OK for the DCs and the domain member or does it have to be "mschapv2-and-ntlmv2-only" for all servers (DCs + Member)? It

Hi Team, Did anybody solve the issue of FScrawler crawling over multiple shares, preferably from a single job or from a single service? Setting up a service for FScrawler per share does not scale very nice... - Kees.

13.07.2023 19:17, Adi Kriegisch wrote: > Hi! > >> I was looking at the code this morning trying to figure out how to >> reject packet with lvl2 properly, - unfortunately I don't know samba >> well enough to be able to find the place "quickly" and I got distracted >> by other things. It was my first thought when someone posted the debug >> info

So I have two issues. 1) Using Samba 4.19.2 with spotlight and elasticsearch 8.10.3 doesn?t work. Errors: [2023/10/22 09:04:17, 0] ../../source3/rpc_server/mdssvc/mdssvc_es.c:755(mds_es_search_http_read_done) mds_es_search_http_read_done: json_loadb failed 2) Using Samba 4.19.2 with spotlight and elasticsearch 7.17.10 works. There is a bug where when the samba server is running and files

Dear All, Well, this is very embarrassing.... It seems that running 'smbcontrol all reload-config' isn't sufficient for reloading the ntlm config parameters. I tried restarting the whole samba service on the DC my FR box was authenticating against (systemctl restart sernet-samba-ad) and my test laptop is now connected to the network on the correct VLAN. I apologise for wasting

Hello Tim, Hello samba-people, is there an uptodate guide for authenticating via freeradius somewhere? I have some Ubiquiti APs plus a Cloud Key and I want to authenticate WLAN clients via WPA2-Enterprise instead of a (shared) PSK. It seems like https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory is missing some steps (basic setup of freeradius). Can you

On 29/06/2023 07:38, Ingo Asche via samba wrote: > Hi, > > there is some progress, even I would'nt call it that. At least they > admitted it's caused through some changes from their side. > > @Rowland: Remember that "old Samba method" part? > > This is their answer. I don't know what to make of it. Maybe someone > with more knowledge about the

Hi Matthias, On 6/30/23 15:40, Matthias Leopold via samba wrote: > Can someone explain what is happening or where I need to tune? this is by design. :) The only reliable way (lacking S4U2SELF support) to get group membership for an AD user, is using the group list the DC passes along to us as part of the authentication process. We're trying extra hard to store this data *persistently*

Hello, yes sadly update 8.9 of elasticsearch broke the samba integration. Seems like 8.10 is still broken. Stay on 8.8 until this is fixed. Ive emailed Ralph B?hme of Sernet already, but hes got no time for it atm. Im not sure about the second part of your bug report though: > There is a bug where when the samba server is running and files are being indexed while samba is running finder

Hey Kees, fs2es-indexer is designed to be a lightweight alternative to FSCrawler. So no ... it doesnt do any content indexing or saves much of the metadata. As far as I understand it the OCR and other stuff makes FScrawler that big. And we dont need any of that - we just want to search for file names. BUT Im open for merge requests ;-) I currently getting away with a lot less complexity

Hallo, just my 2 cents: So Samba 4.12 works, but 4.13+ doesnt? Maybe you can use the same strategy here as used for Win XP or older OS: Setup an isolated (virtualized?) DC with samba 4.12 just for the synology to connect to? You could use firewalld/ufw rules to only allow traffic to the samba ports from one single source IP-adress (the synology) to limit the exposure... Just until synology

Hello samba-people, Ive upgraded our Debian Bullseye servers to Samba 4.18 (thanks to mjt's repositories) and zabbix-server refuses to start with a seg fault. Downgrading back to 4.17 (from bullseye-backports) fixes the issue. This happens with Zabbix Server 6.2.7, 6.2.8, 6.2.9, 6.4.0 and 6.4.1. Ive created a bug report for zabbix here: https://support.zabbix.com/browse/ZBX-22658. You

Dear R-users, I am trying to reshape the DF "dat2" in the "long" format, but can't figure out how to use the "split"-option: > dat2 a.1995.z b.1995.z a.1996.z var 1 100.00000 100.00000 100.00000 Neue Anlagen insgesamt 2 40.09904 23.60890 40.88960 Neue Ausr??stungen 3 59.90096 76.39110 59.11040 Neue Bauten This

Hi, I pasted two server connection logs at https://pastebin.com/vJb5tnTL. First a successful one and second an unsuccessful one. Patrick -----Urspr?ngliche Nachricht----- Von: Damien Miller <djm at mindrot.org> Gesendet: Samstag, 22. Juni 2019 10:43 An: Steinforth, Patrick <Steinforth at osnabrueck.de> Cc: openssh-unix-dev at mindrot.org Betreff: Re: AW: OpenSSH public key

Hey Damien, thank you for your reply. I posted the debug information at https://pastebin.com/40esNPED and replaced some sensitive information before (usernames, servernames, domainnames, IP addresses). In addition I commented some lines with a message like "### <my message> ###". Patrick -----Urspr?ngliche Nachricht----- Von: Damien Miller <djm at mindrot.org> Gesendet:

Dear Sirs, I?m writting a pam module for Radius authentication, which should allow a remote login via ssh on a Linux machine with an openssh server. In particular, the user which is configured at the remote Radius server is not present on the local user database of the Linux machine. Unfortunatly, openssh will not allow to start a PAM user authentication if cannot find the user login in the

Hey guys, I installed OpenSSH 7.9p1 on Windows Server 2016 and generated a SSH key pair with ssh-keygen on my Windows 10 Client (OpenSSH 7.6p1). I can connect to the server with "ssh user at domain@servername -i id_rsa". But as soon as I add the private key to the SSH agent by "ssh-add id_rsa" this does not work anymore and aborts with the message "Permission denied